A recent blog post by Managing Editor Mathew J. Schwartz, "Why Are We So Stupid About Passwords?" raised a number of issues about the ongoing risks involved in using passwords for authentication. Read the strong reaction to the commentary and join the conversation.
A new version of the Destover malware includes a legitimate certificate from Sony. But a researcher claims it's a hoax. Meanwhile, new evidence emerges that the hackers who attacked Sony Pictures Entertainment had criminal - not nation-state - intentions.
Security experts are sounding warnings that a flaw known as POODLE, revealed Oct. 14, can now be used to decrypt some Internet communications secured using TLS. Vendors have begun describing workarounds and issuing patches.
Ten months after NIST issued a draft report proposing changes on how it develops cryptographic standards, following reports that the NSA tampered with a NIST cryptographic algorithm, the institute has yet to finalize that guidance.
Federal regulators are sending a powerful message about the importance of applying software patches by slapping an Alaska mental health services providers with a $150,000 HIPAA sanction. Learn what's included in the corrective action plan.
The "wiper" malware attack against Sony Pictures Entertainment has numerous commonalities with previous wiper attacks in Saudi Arabia and South Korea. This infographic summarizes the attacks and highlights their similarities.
Federal regulators have issued a strategic health IT plan that includes five goals, including advancing secure health information exchange. Could more EHR certification requirements and another information sharing and analysis center be in the works?
The sponsor of Senate-approved FISMA reform, Tom Carper, says it's not a done deal because the House has a dispute over which committee - Homeland Security or Oversight and Governmental Reform - has jurisdiction over the legislation.
The hacking gang Lizard Squad has claimed credit for knocking Sony's PlayStation Network offline. Meanwhile, investigators continue to suspect North Korea may have launched the recent, "unprecedented" hack of Sony Pictures Entertainment.
A New York radiologist faces three misdemeanor charges for allegedly stealing health information of 97,000 patients. Find out why a district attorney is advocating a change in state law to permit tougher charges in such cases.
Security practitioners must change their mindset, says Dave Merkel of FireEye. We have to stop thinking we're preserving peace and realize that we're responding to warfare from well-armed attackers, he contends in this video interview.
Leading this week's industry news roundup, Soltra, an FS-ISAC and DTCC joint venture, launches a threat intelligence platform, while Tripwire and Palo Alto Networks announce the integration of APT technologies.
Except for the leak of celebrities' private data, the "wiper" malware attack against Sony Pictures Entertainment shares "extraordinary" similarities with previous wiper attacks in Saudi Arabia and South Korea, a security researcher finds.
The National Health ISAC is making available to its members a new intelligence platform that aims to ease cyberthreat information sharing. Find out how it compares with a similar offering from HITRUST.